MAR-10265965.r2.v1
Malware Characterization
This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.
US-CERT
2020-02-12T08:50:19-05:00
key1 = (key2>>0x10) & (key2>>8) & key2 ^ (key3>>0x10) & tmp1 ^ key3 & key1 ^ (key3>>0x18);
tmp2 = key3 * 2 ^ key3;
key3 = key2 << 0x18 | key3 >> 8;
key2 = (tmp2 & 0x1fe) << 0x16 | key2 >> 8;
return dec
--End Python3 Script--
Name: CCA9FBB11C194FC53015185B741887A8
Size: 3133440 bytes
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: cca9fbb11c194fc53015185b741887a8
SHA1: 9e7bf03a607558dafe146907db28d77fda81be22
SHA256: fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac
SHA512: a1d1747dbc96c14b45f345679c0f7ba38186458f4992eecf382dd0af6391b4224c1b487431d681f5ffd052839f2901bc6203ea81c3235efcd82061d60eb10618
SSDEEP: 49152:bbcROoCHuumCvGyQwNr6Ljvhg1J/4fxcBhmdSP8sWNRy8kLn3o1Dn:jVHaaGyQG6npcJ4xcD5d2Ry8kDo
7.968879
7
2018-02-26 20:08:54-05:00
PE sections (name, size in bytes, entropy, MD5):

Name                  Size     Entropy   MD5
(name not recovered)  4096     0.816628  0de0ceb73fba415dc20a730f628429a6
(name not recovered)  1572864  7.979303  74520bd2f6bb3211bd82b6f9547ff207
.rsrc                 49152    4.290489  32762b0a8ae1347aebaba811505cadcf
.idata                512      1.308723  79cf217f58f3178dafbfe532c01ef5c4
(name not recovered)  512      0.264678  f0347e7e1ac9efb817c55b3ba9e5bf2d
suylcrzz              1505792  7.954736  4fb94c6713c62a51c1b230a2bc033fac
ajqluhke              512      3.110274  81610ae95a418f6ef9ef042b37a26c4a
Relationships (Figure 1):
Characterized_By / Connected_From / Related_To
Connected_To: 188.165.37.168, port 80, TCP
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5
cca9fbb11c194fc53015185b741887a8
SHA1
9e7bf03a607558dafe146907db28d77fda81be22
SHA256
fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac
NCCIC
2020-02-12T13:54:55+00:00
MAEC Characterization of cca9fbb11c194fc53015185b741887a8
Antivirus detections (vendor: detection name):
Antiy: Trojan/Win32.Casdet
McAfee: Trojan-Themida
K7: Trojan ( 0040f4ef1 )
Cyren: W32/Trojan.QBAU-3559
Symantec: Trojan Horse
Zillya!: Trojan.Themida.Win32.3185
ClamAV: Win.Trojan.Agent-7376504-0
BitDefender: Gen:Variant.Barys.1619
Microsoft Security Essentials: Trojan:Win32/Emotet
Sophos: Troj/Agent-BCXR
Emsisoft: Gen:Variant.Barys.1619 (B)
Avira: TR/Crypt.TPM.Gen
VirusBlokAda: Trojan.Wacatac
Ahnlab: Trojan/Win32.Agent
ESET: a variant of Win32/Packed.Themida.AOO trojan
NANOAV: Trojan.Win32.TPM.ggaakh
Ikarus: Trojan.Win32.Themida
Tags: emotet, trojan
10265965.r2.v1
Malicious Code
Malicious Artifact Detected